Open mdecimus opened 1 month ago
For example integrating with CrowdSec firewall bouncer https://blog.williamdes.eu/Infrastructure/tutorials/install-crowdsec-and-bouncer-on-pfsense/
The URL provides a list of newline-terminated IPs. Thousands
Though... Same IP can host both good actors and bad actors.
pfBlockerNG is a good example on pfSense though. It gives you the ability to block IP addresses based on dynamically changing IP lists as well as giving you the ability to block things on DNS level. So that even if you can't block the IP, you can block the domain to punish some of the emails.
I was blackholing a huge chunk of IP addresses on some of my servers, primarily known crypto/virus/tor/brute force scanners, etc.
Some blacklists give you IP addresses, some of them provide you with IP ranges, some are mixed. It would be nice if Stalwart can do parsing and updating such lists.
Like, some examples from my script, not sure if they all still work at the moment though.
```sh
# curl flags: -k skip TLS certificate verification, -s silent, -S still show errors,
# -f fail on HTTP errors, -L follow redirects.
curl -ksSfL "https://api.blocklist.de/getlast.php?time=36000"
curl -ksSfL "https://cinsscore.com/list/ci-badguys.txt"
curl -ksSfL "https://feodotracker.abuse.ch/downloads/ipblocklist_recommended.txt"
curl -ksSfL "https://www.dan.me.uk/torlist/?exit"
curl -ksSfL "https://check.torproject.org/torbulkexitlist?ip=1.1.1.1"
curl -ksSfL "https://rules.emergingthreats.net/blockrules/compromised-ips.txt"
curl -ksSfL "https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt"
curl -ksSfL "http://blocklist.greensnow.co/greensnow.txt"
# These sources are not plain IP lists, so the IPv4 addresses are extracted with grep.
curl -ksSfL "http://danger.rulez.sk/projects/bruteforceblocker/blist.php" | grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"
curl -ksSfL "https://rules.emergingthreats.net/blockrules/emerging-tor.rules" | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}'
curl -ksSfL "https://rules.emergingthreats.net/blockrules/3coresec.rules" | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}'
```
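The comment above notes that feeds deliver single IPs, ranges, or a mix. The following is an added example, not code from this thread or from Stalwart, showing one way to normalise such a feed into a deduplicated network set while refusing entries that overlap a protected allowlist. The names `parse_blocklist`, `is_blocked` and `never_block` are hypothetical, the `start-end` range syntax is an assumption about some feeds, and the sample feed is constructed from documentation address ranges.

```python
import ipaddress

# Constructed sample feed (documentation address ranges, not real indicators).
SAMPLE_FEED = """\
# comment line
192.0.2.10
192.0.2.11        # trailing comment
198.51.100.0/24
198.51.100.77
203.0.113.5-203.0.113.9
999.1.1.1
0.0.0.0/0
not-an-ip
"""

def parse_blocklist(text, never_block=()):
    """Parse single IPs, CIDR blocks and start-end ranges (range syntax is an
    assumption about some feeds). Returns (collapsed networks, rejected lines)."""
    protected = [ipaddress.ip_network(n) for n in never_block]
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            if "-" in entry:
                lo, hi = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
                found = list(ipaddress.summarize_address_range(lo, hi))
            else:
                # strict=True rejects CIDR entries with host bits set
                found = [ipaddress.ip_network(entry, strict=True)]
        except (ValueError, TypeError):
            rejected.append(entry)
            continue
        # A remote feed must not be able to block protected space (own relays,
        # monitoring), e.g. through an over-broad entry such as 0.0.0.0/0.
        if any(f.overlaps(p) for f in found for p in protected):
            rejected.append(entry)
            continue
        nets.extend(found)
    # collapse_addresses() merges duplicates and adjacent blocks; it cannot mix
    # IPv4 and IPv6 in one call, so collapse each version separately.
    return [n for v in (4, 6) for n in
            ipaddress.collapse_addresses(x for x in nets if x.version == v)], rejected

def is_blocked(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets)
```

Logging the rejected entries on each refresh makes a malformed or over-broad feed visible before it affects mail flow.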
Which feature or improvement would you like to request?
Block IP addresses listed on iblocklist and similar
Is your feature request related to a problem?
I'm having a problem with...